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a first secure container containing an audio file, the first 
secure container having associated a second rule, 
the second rule governing, at least in part, access 
to or other use of at least a portion of the audio 
file; 

hardware and/or software used for receiving and opening 

secure containers, said secure containers each including 
the capacity to contain at least one governed item, at 
least one rule being associated with each of said secure 
containers; 

a protected processing environment at least in part protecting at 
least some information contained in said protected processing 
environment from tampering by a user of said first apparatus, 
said protected processing environment including hardware 
and/or software used for applying said first rule and said second 
rule in combination to at least in part govern at least one aspect 
of access to or use of said audio file; and 


hardware and/or software used for transmission of secure 
containers to other apparatuses and/or for the receipt of secure 
containers from other apparatuses. 


A system as in Claim 7, said first apparatus further including: 
a secure database. 
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9. A system as in Claim 8 said first apparatus further including: 
a rights operating system. 

10. A system as in Claim 9, said first apparatus further including: 
node initialization hardware and/or software. 

11. A system as in Claim 7. in which said first apparatus memory includes 
at least one rule associated with a group of users. 

12. A system as in Claim 7, said first apparatus further including a card 
reader. 

13. A system as in Claim 7, said first apparatus comprising a kiosk, said 
kiosk further including: 

a document reader; 
a camera; 
a microphone; and 
a speaker. 

14. A system as in Claim 7, said first apparatus comprising a television 
set-top box. 

15. A system as in Claim 7, said first apparatus comprising a network 
electronic delivery server. 
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1 6. A system as in Claim 7, said second rule at least in part governing the 
ability of a user of said first apparatus to transmit said audio file to a 
second apparatus. 

1 7. A system as in Claim 16, said first secui^e container having associated 
a third rule at least in part governing the ability of a user to alter at least 
a portion of the contents of said first secure container. 

18. A system as in Claim 16, said first secure container having associated 
a third rule at least in part restricting the number of accesses and/or 
uses a user may make of at least a portion of the contents of said first 
secure container. 

19. A system as in Claim 16, said first secure container having associated 
a third rule at least in part restricting the duration of at least some 
accesses and/or uses of said audio file. 

20. A system as in Claim 7, said memory further storing audit information. 

21 . A system as in Claim 20, said audit information being stored in a 
second secure container. 

22. A system as in Claim 7, said memory further storing at least one 
routing slip. 

23. A system as in Claim 22, said routing slip including: 


4 



LAW OFFICES 

FiNNECAN, Henderson, 
Farabow, Garrett 

8 DUNNER,L.L.P. 

STANFORD RESEARCH PARK 
700 HANSEN WAY 
PALO ALTO, CALtF. 943 04 
65O-S49-6S0O 


« Patent 
.Dkt. No.: 7451.0004-02 
InterTrust Ref. No.: IT-6.1.1 (US) 


information relating to identification of at least one recipient of at least 
a portion of the contents of said first secure container. 

24. A system as in Claim 23, said first secure container having associated 
a third rule at least in part authorizing or allowing at least one action 
based at least in part on said routing slip identification information. 

25. A system as in Claim 24, said at least one action including transmitting 
at least a portion of the contents of said first secure container to 
another apparatus and/or another user, said authorization of said 
transmission by said third rule being at least in part based on the 
identity of at least one prior recipient of said first secure container 
contents. 

26. A system as in Claim 7, said first secure container having been 
received from a second apparatus and said second njle having been 
received from a third apparatus different from said second apparatus. 

27. A system as in Claim 7, said memory further storing at least one audit 
trail record. 

28. A system as in Claim 27, said audit trail record including information 
regarding the manner in which said first secure container and/or 
contents of said first secure container has been used. 
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29. A system as in Claim 7, said first apparatus including a signature 
apparatus, said signature apparatus including signature affixation 
hardware and/or software. 

30. A system as in Claim 7, said first apparatus further including user 
authentication hardware and/or software. 

31 . A system as in Claim 30, said user authentication hardware and/or 
software including biometric authentication hardware and/or software. 

32. A system as in Claim 31, said biometric authentication hardware 
and/or software including hardware and/or software which analyzes 
palm prints, signatures, voices, fingerprints, retinas, irises and/or faces. 

33. A system as in Claim 30, said user authentication hardware and/or 
software further including at least one secure identity token. 

34. A system as in Claim 7, said memory storing a digital certificate. 

35. A system as in Claim 34, said digital certificate including information 
relating to the identification of at least one individual. 

36. A system as in Claim 34, said digital certificate including information 
relating to the identification of at least one group. 
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37. A system as in Claim 34, said digital certificate including infomiation 
relating to the identification of said first apparatus. 

38. A system as in Claim 34, said digital certificate including biometric 
information related to the identification of at least one individual. 

39. A system as in Claim 34. said digital certificate being stored in a 
second secure container, said second secure container being stored in 
said memory. 

40. A system as in Claim 39, said memory storing one or more rules 
associated with said second secure container, said second secure 
container rules at least in part governing at least one aspect of access 
to or use of said digital certificate. 

41 . A system as in Claim 34, said digital certificate being stored in said first 
secure container. 

42. A system as in Claim 7, said memory storing at least one digital 
signature. 

43. A system as in Claim 42, said digital signature being stored in a secure 
container. 

44. A system as in Claim 43, said secure container including at least one 
cryptographic key. 
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45. A system as in Claim 44, said secure container in which said digital 
signature is stored being a second secure container, different from said 
first secure container. 

46. A system as in Claim 45, said memory storing at least one mle at least 
in part governing at least one aspect of access to or use of said digital 
signature. 

47. A system as in Claim 7, said memory storing at least one electronic 
seal. 

48. A system as in Claim 47. said electronic seal including a digital 
representation of a handwritten signature. 

49. A system as in Claim 47, said electronic seal including receipt 
information. 

50. A system as in Claim 47, said electronic seal including usage 
information. 

51 . A system as in Claim 50, said usage information including information 
at least in part identifying usage of said audio file. 

52. A system as in Claim 47, said electronic seal including at least one 
image designed to allow for visual recognition of said seal. 
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53. A system as in Claim 47, said seal including encoded information. 

54. A system as in Claim 53, said encoded information being 
steganographically encoded in said seal. 

55. A system as in Claim 47, said electronic seal including a digital 
signature. 

56. A system as in Claim 47, said electronic seal including validation 
information. 

57. A system as in Claim 47, said electronic seal including information 
regarding at least one transmission of said first secure container. 

58. A system as in Claim 57, said transmission information including 
information regarding the transmitter of said first secure container, 

59. A system as in Claim 47, said electronic seal including at least one 
rule. 

60. A system as in Claim 59, said at least one electronic seal rule 
governing, at least in part, at least one aspect of access to or use of 
said first secure container contents. 
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61 , A system as in Claim 47, said electronic seal including a 
representation of at least one aspect of said first secure container 
contents. 

62, A system as in Claim 61 , said representation including a hash of at 
least a portion of said first secure container contents. 

63, A system as in Claim 62, said hash constituting a hash of at least a 
portion of said audio file after normalization of said portion. 

64, A system as in Claim 62, said electronic seal further including a time 
value. 

65. A system as in Claim 62, said electronic seal further including a 
certificate value obtained from a digital certificate. 

66. A system as in Claim 47, said electronic seal including encrypted 
information. 

67. A system as in Claim 66, said encrypted information being encrypted, 
at least in part, using a key from a public/private key pair. 

68. A system as in Claim 67, said encryption key belonging to at least one 
individual or entity responsible at least in part for at least one 
transmission of said audio file. 
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69. A system as in Claim 47, said electronic seal further including at least 
one error correction code. 


70. A system as in Claim 69, said error correction code being derived from 
at least a portion of said first secure container contents. 

71 . A system as in Claim 47, said electronic seal being stored in a secure 
container. 


72. A system as in Claim 71 , said secure container in which said electronic 
seal is stored being a second secure container, different from said first 
secure container. 



73. A system as in Claim 72, said memory storing at least one rule at least 
in part governing at least one aspect of access to or use of said 
electronic seal. 

74. A system as in Claim 47, said audio file including at least one 
electronic seal. 


75. A system as in Claim 74, said electronic seal being stored in said first 
secure container. 
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76. A system as in Claim 7, said memory storing at least one electronic 
fingerprint. 
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77. A system as in Claim 76, said electronic fingerprint being stored in a 
secure container. 

78. A system as in Claim 77, said secure container in which said electronic 
fingerprint is stored being a second secure container, different from 
said first secure container. 

79. A system as in Claim 7, said first secure container containing at least 
one digital signature. 

80. A system as in Claim 79, said memory storing at least one rule at least 
in part governing at least one aspect of access to or use of said digital 
signature. 

81. A system as in Claim 7, said audio file including steganographically 
encoded information. 

82. A system as in Claim 81, said steganographically encoded information 
including at least one electronic fingerprint. 

83. A system as in Claim 81 , said steganographically encoded information 
including a first portion encoded using a first steganographic encoding 
technique and a second portion encoded using a second 
steganographic encoding technique. 
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84. A system as in Claim 83, in which said first steganographic encx)ding 
technique provides a higher degree of security than said second 
steganographic encoding technique. 

85. A system as in Claim 84, in which at least a portion of said 
steganographically encoded information is encrypted. 

86. A system as in Claim 83, in which said first portion is encrypted using a 
first technique which differs in at least one respect from a second 
encryption technique used for encryption of said second portion. 

87. A system as in Claim 86, in which said encryption techniques differ in 
at least the key used for each technique. 

88. A system as in Claim 86, in which said encryption techniques differ in 
the strength of encryption used. 

89. A system as in Claim 81 , in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
words or characters, said slight variances encoding at least a portion of 
said steganographically encoded information. 

90. A system as in Claim 81, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
lines of text, said slight variances encoding at least a portion of said 
steganographically encoded information. 
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91 . A system as in Claim 81 , in which said steganographic encoding 

includes at least the creation of slight variances in the gray scale used 
in at least a portion of the contents of said first secure container, said 
slight variances encoding at least a portion of said steganographically 
encoded information. 
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92. A system as in Claim 81 , in which said steganographic encoding 
includes at least the creation of slight variances in the color 
frequencies used in at least a portion of the contents of said first 
secure container, said slight variances encoding at least a portion of 
said steganographically encoded information, 

93. A system as in Claim 7, said system further including: 

a second apparatus, said second apparatus including 

user controls, 

a communications port, 

a processor, 

a memory containing a third rule, 

hardware and or/software used for receiving and opening secure 
containers, said secure containers each including the capacity to contain at 
least one governed item; 

at least one rule being associated with each of said secure containers; 
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a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
tampering by a user of said apparatus, said protected processing 
environment including hardware and/or software used for applying said third 
rule and rules associated with secure containers in combination to at least in 
part govern at least one aspect of access to or use of said governed item; and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 


94. A system as in Claim 93, said system further including at least one 


95. A system as in Claim 94, said intermediary residing at said first 


96. A system as in Claim 94, said intermediary being distributed between 
at least two locations, said two locations comprising said first 
apparatus and said second apparatus. 


97. A system as in Claim 95, said first apparatus including a 

communications server at least in part facilitating communications 
between an internal network and a public network. 
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electronic intermediary. 



apparatus. 
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98. A system as in Claim 97, wherein said public network constitutes the 
internet. 
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99. A system as in Claim 94, said intermediary constituting at least a 
portion of an apparatus operated by a communications service 
provider. 

100. A system as in Claim 94, said intermediary including digital signature 
hardware and/or software operatively connected to allow application of 
a digital signature tc an item. 

101. A system as in Claim 94, said intermediary including hash hardware 
and/or software operatively connected to allow calculation of a hash 
value based on an item. 

102. A system as in Claim 94, said intermediary including electronic seal 
hardware and/or software operatively connected to allow application of 
a electronic seal to an item. 

103. A system as in Claim 94, said intermediary including audit trail 
hardware and/or software operatively connected to record and store 
audit information relating to an item. 

104. A system as in Claim 103, in which said intermediary audit information 
includes information regarding at least one transmission of said item. 
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105. A system as in Claim 103, in which said intermediary audit information 
includes information regarding at least one access to said item. 

106. A system as in Claim 94, said intermediary including time stamp 
hardware and/or software operatively connected to provide time 
information. 

107. A system as in Claim 106, said intermediary including time certification 
hardware and/or software operatively connected to said time stamp 
hardware and/or software, said time certification including certification 
of time of transmission, receipt and/or use of an item. 

108. A system as in Claim 94, said intermediary including auditing hardware 
and/or software operatively connected to provide auditing services. 

109. A system as in Claim 94, said intermediary including authentication 
hardware and/or software. 

110. A system as in Claim 109, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
governed items. 

111. A system as in Claim 109, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a sender of a governed item and/or a site responsible for sending a 
governed item. 
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112. A system as in Claim 109, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a recipient of a governed item and/or a site at which a governed item is 
received. 

113. A system as in Claim 94, said intermediary including auction hardware 
and/or software operatively connected to provide electronic auction 
services. 

114. A system as in Claim 94, said intermediary including transaction 
clearing hardware and/or software operatively connected to provide 
services relating to clearing transactions. 

115. A system as in Claim 1 14, said transaction clearing services including 
payment-related services. 

116. A system as in Claim 115, said transaction clearing services including 
audit-related services. 

117. A system as in Claim 94, said intermediary including certification 
hardware and/or software operatively connected to provide certification 
services. 

118. A system as in Claim 117, said certification services including the 
creation of digital certificates. 
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119. A system as in Claim 94, said intermediary including currency 
hardware and/or software operatively connected to provide currency- 
related services. 

120. A system as in Claim 119, said currency-related services including 
currency conversion. 

121 . A system as in Claim 94, said intermediary including a secure archive. 

122. A system as in Claim 121 , said secure archive including receipt-related 
information. 

123. A system as in Claim 121 , said secure archive including information 
about transmissions of one or more items. 

124. A system as in Claim 121 , said secure archive including identification 
information relating to one or more items. 

125. A system as in Claim 121, said secure archive including authentication 
information relating to one or more items. 

126. A system as in Claim 121 , said secure archive authentication 
information including at least one hash value of at least a portion of an 
item. 
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127. A system as in Claim 121 , said secure archive including information 
relating to one or more controls. 

128. A system as in Claim 94, said intermediary including transmission 
hardware and/or software operatively connected to receive items from 
other apparatuses and to transmit items to other apparatuses. 

129. A system as in Claim 128, said transmission hardware and/or software 
operatively connected to provide store and forward services. 

130. A system as in Claim 94, said intermediary including cryptographic key 
repository hardware and/or software operatively connected to maintain 
a repository of cryptographic keys. 

131 . A system as in Claim 94, said intermediary including a user rights 
authority clearinghouse. 

132. A system as in Claim 131 , said user rights authority clearinghouse 
operatively connected to make rights available to users. 

1 33. A system including: 

a first apparatus including 

user controls, 

a communications port, 

a processor, 

a memory containing 
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a first rule, and 

a first secure container containing a video file, the first secure 
container having associated a second njle. the second rule governing, at 
least in part, access to or other use of at least a portion of the video file; 

hardware and/or software used for receiving and opening secure 
containers, said secure containers each including the capacity to contain 
at least one governed itenn, at least one rule being associated with each of 
said secure containers; 

a protected processing environment at least in part protecting at 
least some information contained in said protected processing 
environment from tampering by a user of said first apparatus, said 
protected processing environment including hardware and/or software 
used for applying said first rule and said second njle in combination to at 
least in part govern at least one aspect of access to or use of said video 
file; and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 


134. A system as in Claim 133, said first apparatus further including: 
a secure database. 

135. A system as in Claim 134, said first apparatus further including: 
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a rights operating system. 

136. A system as in Claim 135, said first apparatus further including: 
node initialization hardware and/or software. 

137. A system as in Claim 133, in which said first apparatus memory 
includes at least one rule associated with a group of users. 

138. A system as in Claim 133, said first apparatus further including a card 
reader. 

139. A system as in Claim 133, said first apparatus comprising a kiosk, said 
kiosk further including: 

a document reader; 
a camera; 
a microphone; and 
a speaker. 

140. A system as in Claim 133, said first apparatus comprising a television 
set-top box. 

141 . A system as in Claim 133, said first apparatus comprising a network 
electronic delivery server. 
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142. A system as in Claim 133, said second njle at least in part goveming 
the ability of a user of said first apparatus to transmit said video file to a 
second apparatus. 


143. A system as in Claim 147, said first secure container having 

associated a third mle at least in part governing the ability of a user to 
alter at least a portion of the contents of said first secure container. 


144. A system as in Claim 147, said first secure container having 
associated a third rule at least in part restricting the number of 
accesses and/or uses a user may make of at least a portion of the 
contents of said first secure container. 



145. A system as in Claim 147, said first secure container having 

associated a third rule at least in part restricting the duration of at least 
some accesses and/or uses of said video file. 


146. A system as in Claim 133, said memory further storing audit 
information. 


147. A system as in Claim 146, said audit information being stored in a 
second secure container. 
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148. A system as in Claim 1 33, said memory further storing at least one 
routing slip. 
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149. A system as in Claim 148, said routing slip including: 

information relating to identification of at least one recipient of at least 
a portion of the contents of said first secure container. 
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150. A system as in Claim 149. said first secure container having 
associated a third rule at least in part authorizing or allowing at least 
one action based at least in part on said routing slip identification 
information. 

151. A system as in Claim 1 50, said at least one action including 
transmitting at least a portion of the contents of said first secure 
container to another apparatus and/or another user, said authorization 
of said transmission by said third rule being at least in part based on 
the identity of at least one prior recipient of said first secure container 
contents. 

152. A system as in Claim 133, said first secure container having been 
received from a second apparatus and said second rule having been 
received from a third apparatus different from said second apparatus. 

153. A system as in Claim 133, said memory further storing at least one 
audit trail record. 

154. A system as in Claim 153, said audit trail record including information 
regarding the manner in which said first secure container and/or 
contents of said first secure container has been used. 
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155. A system as in Claim 133, said first apparatus including a signature 
apparatus, said signature apparatus including signature affixation 
hardware and/or software. 

156. A system as in Claim 133, said first apparatus further including user 
authentication hardware and/or software. 

157. A system as in Claim 156, said user authentication hardware and/or 
software including biometric authentication hardware and/or software. 

158. A system as in Claim 157, said biometric authentication hardware 
and/or software including hardware and/or software which analyzes 
palm prints, signatures, voices, fingerprints, retinas, irises and/or faces. 

1 59. A system as in Claim 1 56, said user authentication hardware and/or 
software further including at least one secure identity token. 

160. A system as in Claim 133, said memory storing a digital certificate, 

161 . A system as in Claim 160, said digital certificate including information 
relating to the identification of at least one individual, 

162. A system as in Claim 160, said digital certificate including information 
relating to the identification of at least one group. 
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163. A system as in Claim 160, said digital certificate including information 
relating to the identification of said first apparatus, 

164. A system as in Claim 160, said digital certificate including biometric 
information related to the identification of at least one individual. 

165. A system as in Claim 160, said digital certificate being stored in a 
second secure container, said second secure container being stored in 
said memory. 

166. A system as in Claim 165, said memory storing one or more rules 
associated with said second secure container, said second secure 
container njles at least in part governing at least one aspect of access 
to or use of said digital certificate. 

167. A system as in Claim 160, said digital certificate being stored in said 
first secure container. 

168. A system as in Claim 133, said memory storing at least one digital 
signature. 

169. A system as in Claim 168, said digital signature being stored in a 
secure container. 

170. A system as in Claim 169, said secure container including at least one 
cryptographic key. 
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171. A system as in Claim 170, said secure container in which said digital 
signature is stored being a second secure container, different from said 
first secure container. 

172. A system as in Claim 171 , said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

173. A system as in Claim 133, said memory storing at least one electronic 
seal. 


174. A system as in Claim 173, said electronic seal including a digital 
representation of a handwritten signature. 

175, A system as in Claim 173, said electronic seal including receipt 
information. 


176. A system as in Claim 173, said electronic seal including usage 
information. 

177. A system as in Claim 176, said usage information including information 
at least in part identifying usage of said video file. 
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178. A system as in Claim 173, said electronic seal including at least one 
image designed to allow for visual recognition of said seal. 
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179. A system as in Claim 173, said seal including encoded information. 

180. A system as in Claim 179, said encoded information being 
steganographically encoded in said seal. 

181 . A system as in Claim 173, said electronic seal including a digital 
signature. 

182. A system as in Claim 173, said electronic seal including validation 
information. 

183. A system as in Claim 173, said electronic seal including information 
regarding at least one transmission of said first secure container. 

184. A system as in Claim 183, said transmission information including 
information regarding the transmitter of said first secure container. 

185. A system as in Claim 173, said electronic seal including at least one 
rule. 

186. A system as in Claim 185, said at least one electronic seal rule 
governing, at least in part, at least one aspect of access to or use of 
said first secure container contents. 
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187. A system as in Claim 173, said electronic seal including a 
representation of at least one aspect of said first secure container 
contents. 

188. A system as in Claim 187, said representation including a hash of at 
least a portion of said first secure container contents. 

189. A system as in Claim 188, said hash constituting a hash of at least a 
portion of said video file after normalization of said portion. 

190. A system as in Claim 188, said electronic seal further including a time 
value. 

191. A system as in Claim 188, said electronic seal further including a 
certificate value obtained from a digital certificate. 

192. A system as in Claim 173, said electronic seal including encrypted 
information. 

193. A system as in Claim 192, said encrypted information being encrypted, 
at least in part, using a key from a public/private key pair. 

194. A system as in Claim 193, said encryption key belonging to at least 
one individual or entity responsible at least in part for at least one 
transmission of said video file. 
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195. A system as in Claim 173, said electronic seal further including at least 
one error correction code. 

196. A system as in Claim 195, said error correction code being derived 
from at least a portion of said first secure container contents. 

197. A system as in Claim 173, said electronic seal being stored in a secure 
container. 

198. A system as in Claim 197, said secure container in which said 
electronic seal is stored being a second secure container, different 
from said first secure container. 

199. A system as in Claim 198, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
electronic seal. 

200. A system as in Claim 173, said video file including at least one 
electronic seal. 

201 . A system as in Claim 200, said electronic seal being stored in said first 
secure container. 

202. A system as in Claim 133, said memory storing at least one electronic 
fingerprint. 
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203. A system as in Claim 202, said electronic fingerprint being stored in a 
secure container. 

204. A system as in Claim 203, said secure container in which said 
electronic fingerprint is stored being a second secure container, 
different from said first secure container. 

205. A system as in Claim 133, said first secure container containing at 
least one digital signature. 

206. A system as in Claim 205, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

207. A system as in Claim 133, said video file including steganographically 
encoded information. 

208. A system as in Claim 207, said steganographically encoded 
information including at least one electronic fingerprint. 

209. A system as in Claim 207, said steganographically encoded 
information including a first portion encoded using a first 
steganographic encoding technique and a second portion encoded 
using a second steganographic encoding technique. 


31 



LAW OFFICES 

Finn EG AN, Henderson, 
Farabow, Garrett 
s dunner,l.lp. 

STANFORD RESEARCH PARK 
700 HANSEN WAY 
PALO ALTO, CALIF. 94304 
650-849-6600 


« Patent 
.Dkt. No.: 7451.0004-02 
InterTrust Ref. No.: IT-6.1.1 (US) 


210. A system as in Claim 209, in which said first steganographic encoding 
technique provides a higher degree of security than said second 
steganographic encoding technique. 

211. A system as in Claim 210, in which at least a portion of said 
steganographically encoded information is encrypted. 

212. A system as in Claim 209, in which said first portion is encrypted using 
a first technique which differs in at least one respect from a second 
encryption technique used for encryption of said second portion. 

213. A system as in Claim 212, in which said encryption techniques differ in 
at least the key used for each technique. 

214. A system as in Claim 212, in which said encryption techniques differ in 
the strength of encryption used. 

21 5. A system as in Claim 207, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
words or characters, said slight variances encoding at least a portion of 
said steganographically encoded information. 

216. A system as in Claim 207, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
lines of text, said slight variances encoding at least a portion of said 
steganographically encoded information. 
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217. A system as in Claim 207, in which said steganographic encoding 

includes at least the creation of slight variances in the gray scale used 
in at least a portion of the contents of said first secure container, said 
slight variances encoding at least a portion of said steganographically 
encoded information. 
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218. A system as in Claim 207, in which said steganographic encoding 
includes at least the creation of slight variances in the color 
frequencies used in at least a portion of the contents of said first 
secure container, said slight variances encoding at least a portion of 
said steganographically encoded information. 

219. A system as in Claim 133, said system further including: 

a second apparatus, said second apparatus including 

user controls, 

a communications port, 

a processor, 

a memory containing a third rule, 

hardware and or/software used for receiving and opening secure 
containers, said secure containers each including the capacity to contain at 
least one governed item, at least one rule being associated with each of said 
secure containers; 

a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
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tampering by a user of said apparatus, said protected processing 
environment including hardware and/or software used for applying said third 
rule and rules associated with secure containers in combination to at least in 
part govern at least one aspect of access to or use of said governed item; and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 


220. A system as in Claim 219, said system further including at least one 
electronic intermediary. 



221 . A system as in Claim 220, said intermediary residing at said first 
apparatus. 


222. A system as in Claim 220, said intermediary being distributed between 
at least two locations, said two locations comprising said first 
apparatus and said second apparatus. 


223. A system as in Claim 221 , said first apparatus including a 

communications server at least in part facilitating communications 
between an internal network and a public network. 
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224. A system as in Claim 223, wherein said public network constitutes the 
internet. 
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225. A system as in Claim 220, said intermediary constituting at least a 
portion of an apparatus operated by a communications service 
provider. 

226. A system as in Claim 220, said intermediary including digital signature 
hardware and/or software operatively connected to allow application of 
a digital signature to an item. 

227. A system as in Claim 220, said intermediary including hash hardware 
and/or software operatively connected to allow calculation of a hash 
value based on an item. 

228. A system as in Claim 220, said intermediary including electronic seal 
hardware and/or software operatively connected to allow application of 
a electronic seal to an item. 

229. A system as in Claim 220, said intermediary including audit trail 
hardware and/or software operatively connected to record and store 
audit information relating to an item. 

230. A system as in Claim 229, in which said intermediary audit information 
includes information regarding at least one transmission of said item. 

231 . A system as in Claim 229, in which said intermediary audit information 
includes information regarding at least one access to said item. 
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232. A system as in Claim 220, said intermediary including time stamp 
hardware and/or software operatively connected to provide time 
information. 


233. A system as in Claim 232, said intermediary including time certification 
hardware and/or software operatively connected to said time stamp 
hardware and/or software, said time certification including certification 
of time of transmission, receipt and/or use of an item. 
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234. A system as in Claim 220, said intermediary including auditing 
hardware and/or software operatively connected to provide auditing 
services. 

235. A system as in Claim 220, said intermediary including authentication 
hardware and/or software. 

236. A system as in Claim 235, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
governed items.. 

237. A system as in Claim 235, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a sender of a governed item and/or a site responsible for sending a 
governed item. 
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238. A system as in Claim 235, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a recipient of a governed item and/or a site at which a governed item is 
received. 

239. A system as in Claim 220, said intermediary including auction 
hardware and/or software operatively connected to provide electronic 
auction services. 

240. A system as in Claim 220, said intermediary including transaction 
clearing hardware and/or software operatively connected to provide 
services relating to clearing transactions. 

241 . A system as in Claim 240, said transaction clearing services including 
payment-related services. 

242. A system as in Claim 241 , said transaction clearing services including 
audit-related services. 

243. A system as in Claim 220, said intermediary including certification 
hardware and/or software operatively connected to provide certification 
services. 

244. A system as in Claim 243, said certification services including the 
creation of digital certificates. 
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245. A system as in Claim 220, said intermediary including currency 
hardware and/or software operatively connected to provide currency- 
related services. 

246. A system as in Claim 245, said currency-related services including 
currency conversion. 

247. A system as in Claim 220, said intermediary including a secure 
archive. 

248. A system as in Claim 247, said secure archive including receipt-related 
information. 

249. A system as in Claim 247, said secure archive including information 
about transmissions of one or more items. 

250. A system as in Claim 247, said secure archive including identification 
information relating to one or more items. 

251 . A system as in Claim 247, said secure archive including authentication 
information relating to one or more items. 

252. A system as in Claim 247, said secure archive authentication 
information including at least one hash value of at least a portion of an 
item. 
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253. A system as in Claim 247, said secure archive including information 
relating to one or more controls. 

254. A system as in Claim 220, said intermediary including transmission 
hardware and/or software operatively connected to receive items from 
other apparatuses and to transmit items to other apparatuses. 

255. A system as in Claim 254, said transmission hardware and/or software 
operatively connected to provide store and fonA/ard services. 

256. A system as in Claim 220, said intermediary including cryptographic 
key repository hardware and/or software operatively connected to 
maintain a repository of cryptographic keys. 

257. A system as in Claim 220, said intermediary including a user rights 
authority clearinghouse. 

258. A system as in Claim 257, said user rights authority clearinghouse 
operatively connected to make rights available to users. 

259. A system including: 

a first apparatus including 

user controls, 

a communications port, 

a processor, 

a memory containing 

a first rule, and 
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a first secure container containing an image file, the first secure 
container having associated a second rule, the second rule governing, at 
least in part, access to or other use of at least a portion of the image file; 

hardware and/or software used for receiving and opening secure 
containers, said secure containers each including the capacity to contain at 
least one govemed item, at least one rule being associated with each of said 
secure containers; 

a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
tampering by a user of said first apparatus, said protected processing 
environment including hardware and/or software used for applying said first 
rule and said second rule in combination to at least in part govern at least one 
aspect of access to or use of said image file; and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 

260. A system as in Claim 259, said first apparatus further including: 
a secure database. 

261 . A system as in Claim 260, said first apparatus further including: 
a rights operating system. 
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262. A system as in Claim 261 , said first apparatus further including: 
node initialization hardware and/or software. 

263. A system as in Claim 259, in which said first apparatus memory 
includes at least one mle associated with a group of users. 

264. A system as in Claim 259, said first apparatus further including a card 
reader. 

265. A system as in Claim 259, said first apparatus comprising a kiosk, said 
kiosk further including: 

a document reader; 
a camera; 
a microphone; and 
a speaker. 

266. A system as in Claim 259, said first apparatus comprising a television 
set-top box. 

267. A system as in Claim 259, said first apparatus comprising a network 
electronic delivery server. 

268. A system as in Claim 259, said second rule at least in part governing 
the ability of a user of said first apparatus to transmit said image file to 
a second apparatus. 
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269. A system as in Claim 268, said first secure container having 

associated a third rule at least in part governing the ability of a user to 
alter at least a portion of the contents of said first secure container. 


270. A system as in Claim 268, said first secure container having 
associated a third rule at least in part restricting the number of 
accesses and/or uses a user may make of at least a portion of the 
contents of said first secure container. 


271 . A system as in Claim 268, said first secure container having 

associated a third rule at least in part restricting the duration of at least 
some accesses and/or uses of said image file. 



272. A system as in Claim 259, said memory further storing audit 
information. 


273. A system as in Claim 272, said audit information being stored in a 
second secure container. 


274. A system as in Claim 259, said memory further storing at least one 
routing slip. 
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275. A system as in Claim 274, said routing slip including: 

information relating to identification of at least one recipient of at least 
a portion of the contents of said first secure container. 
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276. A system as in Claim 275, said first secure container having 

associated a third rule at least in part authorizing or allowing at least 
one action based at least in part on said routing slip identification 
information. 
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277. A system as in Claim 276, said at least one action including 
transmitting at least a portion of the contents of said first secure 
container to another apparatus and/or another user, said authorization 
of said transmission by said third rule being at least in part based on 
the identity of at least one prior recipient of said first secure container 
contents. 

278. A system as in Claim 259, said first secure container having been 
received from a second apparatus and said second rule having been 
received from a third apparatus different from said second apparatus. 

279. A system as in Claim 259, said memory further storing at least one 
audit trail record. 

280. A system as in Claim 279, said audit trail record including information 
regarding the manner in which said first secure container and/or 
contents of said first secure container has been used. 

281 . A system as in Claim 279, said first apparatus including a signature 
apparatus, said signature apparatus including signature affixation 
hardware and/or software. 
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282. A system as in Claim 259, said first apparatus further including user 
authentication hardware and/or software. 

283. A system as in Claim 282, said user authentication hardware and/or 
software including biometric authentication hardware and/or software. 

284. A system as in Claim 283, said biometric authentication hardware 
and/or software including hardware and/or software which analyzes 
palm prints, signatures, voices, fingerprints, retinas, irises and/or faces. 

285. A system as in Claim 282, said user authentication hardware and/or 
software further including at least one secure identity token. 

286. A system as in Claim 259, said memory storing a digital certificate. 

287. A system as in Claim 286, said digital certificate including information 
relating to the identification of at least one individual. 

288. A system as in Claim 286, said digital certificate including information 
relating to the identification of at least one group. 

289. A system as in Claim 286, said digital certificate including information 
relating to the identification of said first apparatus. 

290. A system as in Claim 286, said digital certificate including biometric 
information related to the identification of at least one individual. 
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291 . A system as in Claim 286, said digital certificate being stored in a 
second secure container, said second secure container being stored in 
said memory. 

292. A system as in Claim 291 , said memory storing one or more njles 
associated with said second secure container, said second secure 
container rules at least in part governing at least one aspect of access 
to or use of said digital certificate. 

293. A system as in Claim 286, said digital certificate being stored in said 
first secure container. 

294. A system as in Claim 259, said memory storing at least one digital 
signature. 

295. A system as in Claim 294, said digital signature being stored in a 
secure container. 

296. A system as in Claim 295, said secure container including at least one 
cryptographic key. 

297. A system as in Claim 296, said secure container in which said digital 
signature is stored being a second secure container, different from said 
first secure container. 
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298. A system as in Claim 297, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

299. A system as in Claim 259, said memory storing at least one electronic 
seal. 

300. A system as in Claim 299, said electronic seal including a digital 
representation of a handwritten signature. 

301 . A system as in Claim 299, said electronic seal including receipt 
information. 

302. A system as in Claim 299, said electronic seal including usage 
information. 

303. A system as in Claim 302, said usage information including information 
at least in part identifying usage of said image file. 

304. A system as in Claim 299, said electronic seal including at least one 
image designed to allow for visual recognition of said seal. 

305. A system as in Claim 299, said seal including encoded information. 

306. A system as in Claim 305, said encoded information being 
steganographically encoded in said seal. 


46 



LAW OFFrCES 

FiNNEGAN, Henderson, 
Farabow, Garrett 
8 dunner,ll.p. 

STANFORD RESEARCH PARK 
700 HANSEN WAY 
PALO ALTO, CALIF. 94304 
eSO-S49-6600 


« Patent 
.Dkt. No.: 7451.0004-02 
InterTrust Ref. No.: IT-6.1.1 (US) 


307. A system as in Claim 299, said electronic seal including a digital 
signature. 

308. A system as in Claim 299. said electronic seal including validation 
information. 

309. A system as in Claim 299, said electronic seal including information 
regarding at least one transmission of said first secure container. 

310. A system as in Claim 309, said transmission information including 
information regarding the transmitter of said first secure container. 

311. A system as in Claim 299, said electronic seal including at least one 
rule. 

312. A system as in Claim 31 1 , said at least one electronic seal rule 
governing, at least in part, at least one aspect of access to or use of 
said first secure container contents. 

313. A system as in Claim 299, said electronic seal including a 
representation of at least one aspect of said first secure container 
contents. 

314. A system as in Claim 313, said representation including a hash of at 
least a portion of said first secure container contents. 
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315. A system as in Claim 314, said hash cx)nstituting a hash of at least a 
portion of said image file after normalization of said portion. 

316. A system as in Claim 314, said electronic seal further including a time 
value. 

317. A system as in Claim 314, said electronic seal further including a 
certificate value obtained from a digital certificate. 

318. A system as in Claim 299, said electronic seal including encrypted 
information. 

319. A system as in Claim 318, said encrypted information being encrypted, 
at least in part, using a key from a public/private key pair. 

320. A system as in Claim 319, said encryption key belonging to at least 
one individual or entity responsible at least in part for at least one 
transmission of said image file. 

321 . A system as in Claim 299, said electronic seal further including at least 
one error correction code. 

322. A system as in Claim 321 , said error correction code being derived 
from at least a portion of said first secure container contents. 
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324. 


325. 



329. 
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A system as in Claim 299, said electronic seal being stored in a secure 
container. 

A system as in Claim 323, said secure container in which said 
electronic seal is stored being a second secure container, different 
from said first secure container 

A system as in Claim 324, said memory storing at least one njle at 
least in part governing at least one aspect of access to or use of said 
electronic seal. 

A system as in Claim 299, said image file including at least one 
electronic seal. 

A system as in Claim 326, said electronic seal being stored in said first 
secure container. 

A system as in Claim 259, said memory storing at least one electronic 
fingerprint. 

A system as in Claim 328, said electronic fingerprint being stored in a 
secure container. 

A system as in Claim 329, said secure container in which said 
electronic fingerprint is stored being a second secure container, 
different from said first secure container. 
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331 . A system as in Claim 259. said first secure container containing at 
least one digital signature. 

332. A system as in Claim 331 , said memory storing at least one mle at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

333. A system as in Claim 259, said image file including steganographically 
encoded information. 

334. A system as in Claim 333, said steganographically encoded 
information including at least one electronic fingerprint. 

335. A system as in Claim 333, said steganographically encoded 
information including a first portion encoded using a first 
steganographic encoding technique and a second portion encoded 
using a second steganographic encoding technique. 

336. A system as in Claim 335, in which said first steganographic encoding 
technique provides a higher degree of security than said second 
steganographic encoding technique. 

337. A system as in Claim 336, in which at least a portion of said 
steganographically encoded information is encrypted. 
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338. A system as in Claim 335, in which said first portion is encrypted using 
a first technique which differs in at least one respect from a second 
encryption technique used for encryption of said second portion. 

339. A system as in Claim 338, in which said encryption techniques differ in 
at least the key used for each technique. 

340. A system as in Claim 338, in which said encryption techniques differ in 
the strength of encryption used. 

341 . A system as in Claim 333, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
words or characters, said slight variances encoding at least a portion of 
said steganographically encoded information. 

342. -A system as in Claim 333, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
lines of text, said slight variances encoding at least a portion of said 
steganographically encoded information. 

343. A system as in Claim 333, in which said steganographic encoding 
includes at least the creation of slight variances in the gray scale used 
in at least a portion of the contents of said first secure container, said 
slight variances encoding at least a portion of said steganographically 
encoded information. 
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344. A system as in Claim 333, in which said steganographic encoding 
includes at least the creation of slight variances in the color 
frequencies used in at least a portion of the contents of said first 
secure container, said slight variances encoding at least a portion of 
said steganographically encoded information. 

345. A system as in Claim 259, said system further including a second 
apparatus, said second apparatus including: 

user controls, 

a communications port, 

a processor, 

a memory containing a third rule, 

hardware and or/software used for receiving and opening secure 
containers, 

said secure containers each including the capacity to contain at least 
one governed item. 


at least one rule being associated with each of said secure containers, 


a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
tampering by a user of said apparatus, said protected processing 
environment including hardware and/or software used for applying said third 
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mie and rules associated with secure containers in combination to at least in 
part govern at least one aspect of access to or use of said governed item, and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 
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346. A system as in Claim 345, said system further including at least one 
electronic intermediary. 

347. A system as in Claim 346, said intermediary residing at said first 
apparatus. 

348. A system as in Claim 346, said intermediary being distributed between 
at least two locations, said two locations comprising said first 
apparatus and said second apparatus. 

349. A system as in Claim 347, said first apparatus including a 
communications server at least in part facilitating communications 
between an internal network and a public network. 

350. A system as in Claim 349, wherein said public network constitutes the 
internet. 
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351 . A system as in Claim 346, said intermediary constituting at least a 
portion of an apparatus operated by a communications service 
provider. 

352. A system as in Claim 346, said intermediary including digital signature 
hardware and/or software operatively connected to allow application of 
a digital signature to an item. 

353. A system as in Claim 346, said intermediary including hash hardware 
and/or software operatively connected to allow calculation of a hash 
value based on an item. 

354. A system as in Claim 346, said intermediary including electronic seal 
hardware and/or software operatively connected to allow application of 
a electronic seal to an item. 

355. A system as in Claim 346, said intermediary including audit trail 
hardware and/or software operatively connected to record and store 
audit information relating to an item. 

356. A system as in Claim 355, in which said intermediary audit information 
includes informatior^ regarding at least one transmission of said item. 

357. A system as in Claim 355, in which said intermediary audit information 
includes information regarding at least one access to said item. 
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358. A system as in Claim 346, said intermediary including time stamp 
hardware and/or software operatively connected to provide time 
information. 

359. A system as in Claim 358, said intermediary including time certification 
hardware and/or software operatively connected to said time stamp 
hardware and/or software, said time certification including certification 
of time of transmission, receipt and/or use of an item. 

360. A system as in Claim 346, said intermediary including auditing 
hardware and/or software operatively connected to provide auditing 
services. 

361 . A system as in Claim 346, said intermediary including authentication 
hardware and/or software. 

362. A system as in Claim 361 , in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
governed items.. 

363. A system as in Claim 361 , in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a sender of a governed item and/or a site responsible for sending a 
governed item. 
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364. A system as in Claim 361 , in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a recipient of a governed item and/or a site at which a governed item is 
received. 

365. ' A system as in Claim 346, said intermediary including auction 

hardware and/or software operatively connected to provide electronic 
auction services. 
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366. A system as in Claim 346, said intermediary including transaction 
clearing hardware and/or software operatively connected to provide 
services relating to clearing transactions, 

367. A system as in Claim 366, said transaction clearing services including 
payment-related services. 

368. A system as in Claim 367, said transaction clearing services including 
audit-related services. 

369. A system as in Claim 346, said intermediary including certification 
hardware and/or software operatively connected to provide certification 
services. 

370. A system as in Claim 369, said certification services including the 
creation of digital certificates. 


56 



LAW OFFrCES 

FiNNECAN, Henderson, 
Farabow, Garrett 
s dunner,l.l.p. 

STANFORD RESEARCH PARK 
700 HANSEN WAY 
PALO ALTO, CALIF. 94304 
650-849-6600 


t Patent 
Dkt. No.: 7451.0004-02 
InterTrust Ref. No.: IT-6.1.1 (US) 


371 . A system as in Claim 346, said intermediary including currency 
hardware and/or software operatively connected to provide currency- 
related services. 

372. A system as in Claim 371 , said currency-related services including 
currency conversion. 

373. A system as in Claim 346, said intermediary including a secure 
archive. 

374. A system as in Claim 373, said secure archive including receipt-related 
information. 

375. A system as in Claim 373, said secure archive including information 
about transmissions of one or more items. 

376. A system as in Claim 373, said secure archive including identification 
information relating to one or more items. 

377. A system as in Claim 373, said secure archive including authentication 
information relating to one or more items. 

378. A system as in Claim 373, said secure archive authentication 
information including at least one hash value of at least a portion of an 
item. 
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379. A system as in Claim 373, said secure archive including information 
relating to one or more controls. 

380. A system as in Claim 346, said intermediary including transmission 
hardware and/or software operatively connected to receive items from 
other apparatuses and to transmit items to other apparatuses. 

381 . A system as in Claim 380, said transmission hardware and/or software 
operatively connected to provide store and forward services. 

382. A system as in Claim 346, said intermediary including cryptographic 
key repository hardware and/or software operatively connected to 
maintain a repository of cryptographic keys. 

383. A system as in Claim 346, said intermediary including a user rights 
authority clearinghouse. 

384. A system as in Claim 383, said user rights authority clearinghouse 
operatively connected to make rights available to users. 

385. A system including: 

a first apparatus including, 

user controls, 

a communications port, 

a processor, 

a memory containing 

a first rule, and 
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a first secure container containing a text file, the first secure container 
having associated a second rule, the second rule governing, at least in part, 
access to or other use of at least a portion of the text file; 

hardware and/or software used for receiving and opening secure 
containers,said secure containers each including the capacity to contain at 
least one governed item, at least one mle being associated with each of said 
secure containers; 

a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
tampering by a user of said first apparatus, said protected processing 


environment including hardware and/or software used for applying said first 


rule and said second rule in combination to at least in part govern at least one 


aspect of access to or use of said text file; and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 

386. A system as in Claim 385, said first apparatus further including: 
a secure database. 

387. A system as in Claim 386, said first apparatus further including: 
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388. A system as in Claim 387, said first apparatus further including: 
node initialization hardware and/or software. 

389. A system as in Claim 385, in which said first apparatus memory 
includes at least one rule associated with a group of users. 

390. A system as in Claim 385, said first apparatus further including a card 
reader. 


IP 


391 . A system as in Claim 385, said first apparatus comprising a kiosk, said 
kiosk further including: 
a document reader; 
a camera; 
a microphone; and 
a speaker. 


392. A system as in Claim 385, said first apparatus comprising a television 
set-top box. 

393. A system as in Claim 385, said first apparatus comprising a network 
electronic delivery server. 
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394. A system as in Claim 385, said second njle at least in part governing 
the ability of a user of said first apparatus to transmit said text file to a 
second apparatus. 
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395. A system as in Claim 394, said first secure container having 

associated a third rule at least in part governing the ability of a user to 
alter at least a portion of the contents of said first secure container. 


396. A system as in Claim 394, said first secure container having 
associated a third rule at least in part restricting the number of 
accesses and/or uses a user may make of at least a portion of the 
contents of said first secure container. 


397. A system as in Claim 394, said first secure container having 

associated a third rule at least in part restricting the duration of at least 
some accesses and/or uses of said text file. 



398. A system as in Claim 385, said memory further storing audit 
information. 


399. A system as in Claim 398, said audit information being stored in a 
second secure container. 


400. A system as in Claim 385, said memory further storing at least one 
routing slip. 
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401 . A system as in Claim 400, said routing slip including: 

information relating to identification of at least one recipient of at least 
a portion of the contents of said first secure container. 
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402. A system as in Claim 401 , said first secure container having 
associated a third rule at least in part authorizing or allowing at least 
one action based at least in part on said routing slip identification 
information, 

403. A system as in Claim 402, said at least one action including 
transmitting at least a portion of the contents of said first secure 
container to another apparatus and/or another user, said authorization 
of said transmission by said third rule being at least in part based on 
the identity of at least one prior recipient of said first secure container 
contents. 


404. A system as in Claim 403, said first secure container having been 

received from a second apparatus and said second rule having been 
received from a third apparatus different from said second apparatus. 


405. A system as in Claim 403, said memory further storing at least one 
audit trail record. 

406. A system as in Claim 405, said audit trail record including information 
regarding the manner in which said first secure container and/or 
contents of said first secure container has been used. 
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407. A system as in Claim 403, said first apparatus including a signature 
apparatus, said signature apparatus including signature affixation 
hardware and/or software. 
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408. A system as in Claim 403, said first apparatus further including user 
authentication hardware and/or software. 

409. A system as in Claim 408, said user authentication hardware and/or 
software including biometric authentication hardware and/or software. 

410. A system as in Claim 409, said biometric authentication hardware 
and/or software including hardware and/or software which analyzes 
palm prints, signatures, voices, fingerprints, retinas, irises and/or faces. 

411. A system as in Claim 408, said user authentication hardware and/or 
software further including at least one secure identity token. 

412. A system as in Claim 403, said memory storing a digital certificate. 

413. A system as in Claim 412, said digital certificate including information 
relating to the identification of at least one individual. 

414. A system as in Claim 412, said digital certificate including information 
relating to the identification of at least one group. 

415. A system as in Claim 412, said digital certificate including information 
relating to the identification of said first apparatus. 

416. A system as in Claim 412, said digital certificate including biometric 
information related to the identification of at least one individual. 
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417. A system as in Claim 412, said digital certificate being stored in a 
second secure container, said second secure container being stored in 
said memory. 

418. A system as in Claim 417, said memory storing one or more rules 
associated with said second secure container, said second secure 
container rules at least in part governing at least one aspect of access 
to or use of said digital certificate. 

419. A system as in Claim 412, said digital certificate being stored in said 
first secure container. 

420. A system as in Claim 403, said memory storing at least one digital 
signature. 

421 . A system as in Claim 420, said digital signature being stored in a 
secure container. 

422. A system as in Claim 421 , said secure container including at least one 
cryptographic key. 

423. A system as in Claim 422, said secure container in which said digital 
signature is stored being a second secure container, different from said 
first secure container. 
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424. A system as in Claim 423, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

425. A system as in Claim 403, said memory storing at least one electronic 
seal. 

426. A system as in Claim 425, said electronic seal including a digital 
representation of a handwritten signature, 

427. A system as in Claim 425, said electronic seal including receipt 
information. 

428. A system as in Claim 425, said electronic seal including usage 
information. 

429. A system as in Claim 428, said usage information including information 
at least in part identifying usage of said text file. 

430. A system as in Claim 425, said electronic seal including at least one 
image designed to allow for visual recognition of said seal. 

431. A system as in Claim 425, said seal including encoded information. 

432. A system as in Claim 431 . said encoded information being 
steganographically encoded in said seal. 
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433. A system as in Claim 425, said electronic seal including a digital 
signature. 

434. A system as in Claim 425, said electronic seal including validation 
information, 

435. A system as in Claim 425, said electronic seal including information 
regarding at least one transmission of said first secure container. 

436. A system as in Claim 435, said transmission information including 
information regarding the transmitter of said first secure container. 

437. A system as in Claim 425, said electronic seal including at least one 
rule. 

438. A system as in Claim 437, said at least one electronic seal rule 
governing, at least in part, at least one aspect of access to or use of 
said first secure container contents. 

439. A system as in Claim 425, said electronic seal including a 
representation of at least one aspect of said first secure container 
contents. 

440. A system as in Claim 439, said representation including a hash of at 
least a portion of said first secure container contents. 
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441 . A system as in Claim 440, said hash constituting a hash of at least a 
portion of said text file after normalization of said portion. 

442. A system as in Claim 440, said electronic seal further including a time 
value. 

443. A system as in Claim 440, said electronic seal further including a 
certificate value obtained from a digital certificate. 

444. A system as in Claim 425, said electronic seal including encrypted 
information. 

445. A system as in Claim 444, said encrypted information being encrypted, 
at least in part, using a key from a public/private key pair. 

446. A system as in Claim 445, said encryption key belonging to at least 
one individual or entity responsible at least in part for at least one 
transmission of said text file. 

447. A system as in Claim 425, said electronic seal further including at least 
one error correction code. 

448. A system as in Claim 447, said error correction code being derived 
from at least a portion of said first secure container contents. 
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449. A system as in Claim 425, said electronic seal being stored in a secure 
container. 

450. A system as in Claim 449, said secure container in which said 
electronic seal is stored being a second secure container, different 
from said first secure container. 

451 . A system as in Claim 450, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
electronic seal. 

452. A system as in Claim 425, said text file including at least one electronic 
seal. 

453. A system as in Claim 452, said electronic seal being stored in said first 
secure container. 

454. A system as in Claim 403, said memory storing at least one electronic 
fingerprint. 

455. A system as in Claim 454, said electronic fingerprint being stored in a 
secure container. 

456. A system as in Claim 455, said secure container in which said 
electronic fingerprint is stored being a second secure container, 
different from said first secure container. 
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457. A system as in Claim 403, said first secure container containing at 
least one digital signature. 

458. A system as in Claim 457, said memory storing at least one rule at 
least in part governing at least one aspect of access to or use of said 
digital signature. 

459. A system as in Claim 403, said text file including steganographically 
encoded information. 

460. A system as in Claim 459, said steganographically encoded 
information including at least one electronic fingerprint. 

461 . A system as in Claim 459, said steganographically encoded 
information including a first portion encoded using a first 
steganographic encoding technique and a second portion encoded 
using a second steganographic encoding technique. 

462. A system as in Claim 461 , in which said first steganographic encoding 
technique provides a higher degree of security than said second 
steganographic encoding technique. 

463. A system as in Claim 462, in which at least a portion of said 
steganographically encoded information is encrypted. 


69 



UAW OFFfCES 

FiNNEGAN, Henderson, 
Farabow, Garrett 
s dunner,l.l.p. 

STANFORD RESEARCH PARK 
700 HANSEN WAY 
PALO ALTO, CALIF. 94304 
650-649 -6600 


« Patent 
Dkt. No.: 7451.0004-02 
InterTrust Ref. No.: IT-6.1.1 (US) 


464. A system as in Claim 461 , in which said first portion is encrypted using 
a first technique which differs in at least one respect from a second 
encryption technique used for encryption of said second portion. 

465. A system as in Claim 464, in which said encryption techniques differ in 
at least the key used for each technique. 

466. A system as in Claim 464, in which said encryption techniques differ in 
the strength of encryption used. 

467. A system as in Claim 459, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
words or characters, said slight variances encoding at least a portion of 
said steganographically encoded information. 

468. A system as in Claim 459, in which said steganographic encoding 
includes at least the creation of slight variances in spacings between 
lines of text, said slight variances encoding at least a portion of said 
steganographically encoded information. 

469. A system as in Claim 459, in which said steganographic encoding 
includes at least the creation of slight variances in the gray scale used 
in at least a portion of the contents of said first secure container, said 
slight variances encoding at least a portion of said steganographically 
encoded information. 
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470. A system as in Claim 459, in which said steganographic encoding 
includes at least the creation of slight variances in the color 
frequencies used in at least a portion of the contents of said first 
secure container, said slight variances encoding at least a portion of 
said steganographically encoded information. 

471 . A system as in Claim 403, said system further including a second 
apparatus, said second apparatus including: 

user controls, 

a communications port, 

a processor, 

a memory containing a third rule, 

hardware and or/software used for receiving and opening secure 
containers, 

said secure containers each including the capacity to contain at least 
one governed item, 

at least one rule being associated with each of said secure containers, 

a protected processing environment at least in part protecting at least 
some information contained in said protected processing environment from 
tampering by a user of said apparatus, said protected processing 
environment including hardware and/or software used for applying said third 
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rule and rules associated with secure containers in combination to at least in 
part govern at least one aspect of access to or use of said governed item, and 

hardware and/or software used for transmission of secure containers 
to other apparatuses and/or for the receipt of secure containers from other 
apparatuses. 

472. A system as in Claim 471 , said system further including at least one 
electronic intermediary. 

473. A system as in Claim 472, said intermediary residing at said first 
apparatus. 

474. A system as in Claim 472, said intermediary being distributed between 
at least two locations, said two locations comprising said first 
apparatus and said second apparatus. 

475. A system as in Claim 473, said first apparatus including a 
communications server at least in part facilitating communications 
between an internal network and a public network. 

476. A system as in Claim 475, wherein said public network constitutes the 
internet. 
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477, A system as in Claim 472, said intermediary constituting at least a 
portion of an apparatus operated by a cx)mmunications service 
provider. 


478. A system as in Claim 472, said intermediary including digital signature 
hardware and/or software operatively connected to allow application of 
a digital signature to an item. 


479. A system as in Claim 472, said intermediary including hash hardware 
and/or software operatively connected to allow calculation of a hash 
value based on an item. 


480. . A system as in Claim 472, said intermediary including electronic seal 



hardware and/or software operatively connected to allow application of 
a electronic seal to an item. 


481 . A system as in Claim 472, said intermediary including audit trail 

hardware and/or software operatively connected to record and store 
audit information relating to an item. 


482. A system as in Claim 481 , in which said intermediary audit information 
includes information regarding at least one transmission of said item. 
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483. A system as in Claim 481 , in which said intermediary audit information 
includes information regarding at least one access to said item. 
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484. A system as in Claim 472, said intermediary including time stamp 
hardware and/or software operatively connected to provide time 
information. 

485. A system as in Claim 484, said intermediary including time certification 
hardware and/or software operatively connected to said time stamp 
hardware and/or software, said time certification including certification 
of time of transmission, receipt and/or use of an item. 

486. A system as in Claim 472, said intermediary including auditing 
hardware and/or software operatively connected to provide auditing 
services. 

487. A system as in Claim 472, said intermediary including authentication 
hardware and/or software. 

488. A system as in Claim 487, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
governed items.. 

489. A system as in Claim 487, in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a sender of a governed item and/or a site responsible for sending a 
governed item. 
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490. A system as in Claim 487. in which said authentication hardware 
and/or software is operatively connected to at least in part authenticate 
a recipient of a governed item and/or a site at which a governed item is 
received. 

491 . A system as in Claim 472, said intermediary including auction 
hardware and/or software operatively connected to provide electronic 
auction services. 

492. A system as in Claim 472, said intermediary including transaction 
clearing hardware and/or software operatively connected to provide 
services relating to clearing transactions. 

493. A system as in Claim 492, said transaction clearing services including 
payment-related services. 

494. A system as in Claim 493, said transaction clearing services including 
audit-related services. 

495. A system as in Claim 472, said intermediary including certification 
hardware and/or software operatively connected to provide certification 
services. 

496. A system as in Claim 495, said certification services including the 
creation of digital certificates. 
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497. A system as in Claim 472, said intermediary including currency 
hardware and/or software operatively connected to provide currency- 
related services. 

498. A system as in Claim 497, said currency-related services including 
currency conversion. 

499. A system as in Claim 472, said intermediary including a secure 
archive. 

500. A system as in Claim 499, said secure archive including receipt-related 
information. 

501 . A system as in Claim 499, said secure archive including information 
about transmissions of one or more items. 

502. A system as in Claim 499, said secure archive including identification 
information relating to one or more items. 

503. A system as in Claim 499, said secure archive including authentication 
information relating to one or more items. 

504. A system as in Claim 499, said secure archive authentication 
information including at least one hash value of at least a portion of an 
item. 
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505. A system as in Claim 499, said secure archive including information 
relating to one or more controls. 

506. A system as in Claim 472, said intermediary including transmission 
hardware and/or software operatively connected to receive items from 
other apparatuses and to transmit items to other apparatuses. 

507. A system as in Claim 506, said transmission hardware and/or software 
operatively connected to provide store and fonvard services. 

508. A system as in Claim 472, said intermediary including cryptographic 
key repository hardware and/or software operatively connected to 
maintain a repository of cryptographic keys, 

509. A system as in Claim 472, said intermediary including a user rights 
authority clearinghouse. 

510. A system as in Claim 509, said user rights authority clearinghouse 
operatively connected to make rights available to users. 

Remarks 

The present application is a continuation of U.S. Patent Appln. No. 
09/221 ,479, filed December 28, 1998, as a continuation of U.S. Patent Appln. 
No. 08/699,711, filed August 12, 1996, as a continuation-in-part of U.S. 
Patent Appln. No. 08/388.107, filed February 13, 1995. 
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